Re: [Extra] Review: draft-ietf-extra-imap4rev2-11

["Bron Gondwana" <brong@fastmailteam.com>]

On Thu, Jan 30, 2020, at 01:20, Timo Sirainen wrote:
> On 29. Jan 2020, at 14.08, Bron Gondwana <brong@fastmailteam.com> wrote:
>> 
>> *2.2.1 Client protocol*
>> **
>> *"A different tag is generated by the client for each command".* There's no "MUST" on this, and certainly I've seen clients which don't. Do we want to make that more strict in rev2? It would be a bit of a pain on the commandline where I normally use ".", but it's also annoying as a server author that you can't rely on tag uniqueness.
>> 
>> Maybe the client SHOULD generate a different tag for every command, but a server MUST accept tag reuse (could restrict concurrency, a tag can only be reused after it's been "returned")
> 
> I haven't seen this as a problem, so I don't really care either way.

I don't care either way, it's more "if I was writing a server it wouldn't be clear to me that a client might just send . every time".

> 
>> *2.3.1.1 UID Attribute*
>> **
>> *"The next unique identifier value MUST NOT change unless new messages are added to the mailbox". * I would very much like that first MUST NOT to be weakened to "SHOULD NOT". My reasoning is that you could have a virtual mailbox which used a global sequence number per message. It would behave to clients as if a message had been delivered and then immediately expunged. I'm pretty sure clients don't care - they'll fetch the range, discover that nothing new has appeared, and stay happy. The second MUST is obviously correct, that the UIDNEXT must increase when messages are delivered.
> 
> Agreed.
> 
>> *5.1 Mailbox Naming*
>> 
>> This doesn't solve one of my naming bugbears. The spec says things like *"servers MAY accept a de-normalized UTF-8 mailbox name and conver it to Net-Unicode prior to mailbox creation." -*** **there is no clear way to know what the SELECTable name will be after creating a mailbox.
>> 
>> If I was designing this myself from scratch I would say that "SELECT of the same octets that were passed to CREATE MUST open that same mailbox" or something to that effect. Since we're messing with how mailbox naming works somewhat for imap4rev2, I'd be keen to add this restriction on server behaviour so that clients don't fall into a "CREATE -> ALREADY EXISTS / SELECT -> DOESN'T EXIST" loop.
>> 
>> It still doesn't mean that you can reliably tell the correct octets for the matching mailbox from the LIST response though :(
> 
> Is it too late to add a new response code? Something like:
> 
> * OK [CREATED] TAG "a123" NAME "Denormalized name"

Presumable the name would be an astring. If we did this, I'd want to say "if OBJECTID is supported, MAILBOXID goes into this response as well".

> 
>> *6.3.2 SELECT command*
>> 
>> I also saw somewhere that the server can unilaterally send a "* [CLOSED]" response at any point if it's had to close the mailbox (e.g. it got deleted, or IO errors). I'm not sure if that requires opt-in to IMAP4REV2, since otherwise clients will not be aware to watch for it. This may need to be clarified. Current behaviour of our server right now is to drop the connection entirely, which is ugly - but it's rare and all clients already need to handle it cleanly, so it guarantees no messed up data model for the clients.
> 
> Yeah, I'd prefer just BYE instead of unilateral CLOSED. I don't think clients are going to implement it correctly since it almost never happens, so nobody tests that code path.
> 
>> *6.3.4 and 6.3.5 CREATE and DELETE*
>> 
>> Can we make it illegal to "DELETE" a mailbox with children rather than make it a \NoSelect mailbox pretty pretty please? I'm just looking at some patches to deal with Outlook misbehaving with this precise situation, and it's all horrible. Because of mailboxId requirements for JMAP we've been forced to keep these things around as "intermediate" mailboxes anyway, and it's been the source of tons of bugs.
> 
> \NoSelect seems to be causing confusion in general, and Dovecot nowadays has options that makes it try to avoid creating them. But I'm not sure if it needs to be made illegal in the RFC itself. I think your server implementation can just decide to reject DELETE if it has children.
> 
> It sounds like your issues are with \NoSelect mailboxes in general, not just this specific way of creating them with DELETE? For example CREATE a/b could create "a" se \NoSelect also.

That's indeed what happens now in our server:

. list "" a*
* LIST (\HasNoChildren) "/" a/b/c
. OK Completed (0.001 secs 3 calls)
. list "" a/%
* LIST (\Noselect \HasChildren) "/" a/b
. OK Completed (0.001 secs 3 calls)
. list "" a
* LIST (\Noselect \HasChildren) "/" a
. OK Completed (0.000 secs 3 calls)

>> *6.3.6 RENAME *
>> 
>> I thought we had agreed to strongly recommend against clients using RENAME INBOX Other, but maybe I've forgotten. I don't see it in the minutes, so maybe it's just my wishful thinking.
> 
> Dovecot doesn't allow RENAME INBOX in some configurations. I don't remember people complaining.

Excellent. I'm keen to turn it off on our server. I should probably scan the logs and see how often it gets used!

>> We definitely have an option in Cyrus IMAP to make subscriptions follow RENAME. It's one of the warts (largely due to Thunderbird showing greyed out folders and confusing people).
> 
> We haven't needed to do this yet. I think the \NoSelect folders have been more of a reason for Thunderbird confusion.
> 
>> *6.3.7 SUBSCRIBE*
>> 
>> Speak of the devil. Lots of sites violate the MUST NOT unilaterally remove rule. Should we weaken it to SHOULD? The justification for the MUST is "the server site might choose to do X" - well, if the server site is doing that, then maybe they SHOULDN'T unilaterally remove the subscriptions, but otherwise it's a better user experience and what people want.
>> 
>> (also: by enabling a non-default break the rules config, it's what our server does!)
> 
> The original use case for not auto-removing a subscription is rather ancient already. I'd be fine with changing subscriptions to follow deletes and renames in the rev2 mode (but better not change behavior in rev1 mode).
> 
>> *6.3.8 UNSUBSCRIBE*
>> 
>> *This command returns a tagged OK response only if the unsubscription is successful. *- this is not clear on what happens if the mailbox is not currently subscribed - does it silently succeed, or is there an expected error?
>> 
>> For what it's worth, our server just says "OK Completed" even if it's already been unsubscrbed - and likewise for subscribe if it's already subscribed it just say "yep, all good".
> 
> Same with Dovecot. I think should keep the OK behavior, since that's what is commonly been done.
> 
>> *6.3.10 NAMESPACE*
>> 
>> We've created a conflict here. The NAMESPACE command contains prefix strings for the individual namespaces, and says:
>> 
>>    The prefix string allows a client to do things such as automatically
   creating personal mailboxes or LISTing all available mailboxes within
   a namespace.
>> 
>> Which contradicts the advice we gave back in the LIST command not to use prefix. Perhaps we should change the LIST advice to be "only use the empty prefix or prefixes given in the NAMESPACE response"?
> 
> I think you're mixing "namespace prefixes" with "list references"? I don't think the above sentence advocates using LIST reference parameter, just using the namespace prefix for listing e.g. LIST "" ns-prefix/*
> 
> Anyway, I see lots and lots of text is still preserved for the LIST reference parameter explanation, even though it shouldn't be used. Couldn't we just decide to get rid of it entirely in rev2 and say the reference MUST be empty? Or say only that is is implementation-defined and refer to IMAP4rev1 if anyone wants to see how it used to be implemented?

There was some discussion about this - I'll leave it for Barry/Alexey to reply on this one, since they've thought about it more than I have.

>> *6.3.11 STATUS*
>> 
>>       Note: The STATUS command is intended to access the status of
      mailboxes other than the currently selected mailbox.  Because the
      STATUS command can cause the mailbox to be opened internally, and
      because this information is available by other means on the
      selected mailbox, the STATUS command SHOULD NOT be used on the
      currently selected mailbox.
>> 
>> This advice is all well and good, but it says nothing about what the server may or may not do when it gets one of these STATUS commands. This is particularly relevant in the context of LIST RETURN STATUS, where it's hard to construct list patterns which explicitly avoid the currently selected mailbox.
>> 
>> Likewise with the: *MUST NOT be used as a "check for new messages in the selected mailbox" *assertion. Plenty of clients will do a STATUS run across folders and if they're doing LIST RETURN STATUS they're gonna find out about the new messages if the server returns it. Clients can not rely on it working is a more honest representation of what happens.
>> 
>> I'd like to see that IMAP4REV2 servers MUST implement STATUS of the currently selected mailbox. Yes, it's a special codepath - but if you're already testing if it's the currently open mailbox then you're at exactly the right place to do the right thing:
> 
> Also this is the only way to get the current UIDNEXT of the selected mailbox (since it might be higher than last message's UID).
> 
> The main ambiguity though is whether STATUS on the current mailbox is expected to check for new changes. Dovecot implements it in a way that it doesn't check for changes. I think there used to be even a good reason for that.

Well.. if it doesn't check for changes presumably it can't tell you the correct UIDNEXT? Either that or it will have an inconsistent response for the selected folder.

>> *6.4.4.1 SAVE Result*
>> 
>> I'm not sure I understand the interaction here with closing and re-opening a mailbox. I would expect that closing a mailbox would wipe the SAVED result,
> 
> I think it practically says that, since it says that SELECT/EXAMINE resets it to empty sequence. It's not really relevant whether it happens when the mailbox is closed or when the next mailbox is opened, because you can't use it in non-selected state anyway..

Right - so that whole section is pointless. This text:

   If the server decides to send a new UIDVALIDITY value while the
   mailbox is opened, this causes resetting of the search variable to
   the empty sequence.

If any SELECT resets the variable.

>> and that trying to use a SAVED result when there isn't one should return an error.
> 
> It says that the default is an empty sequence. So it won't result in an error, just a non-matching set. I'm fine with this behavior, especially since it's easier to implement and I don't really see much of a downside.

Yep, fair enough. I haven't implemented $ yet, but it will be easy.

>> Speaking of which, Example 5 is wrong: It says that the second search command leads to the variable containing no messages, but the second search command did not contain the RETURN SAVE option, so it should not have altered the variable.
> 
> Right. And even if it did contain RETURN SAVE option it still shouldn't have altered the variable, because:
> 
> """
>  Any of the following SEARCH commands MUST NOT change the search
>  result variable:
> 
>  a SEARCH command that caused the server to return the BAD tagged
>  response,
> """
> 
> 
>> *7.4.2 FETCH Response*
>> 
>> I remember past bugs with UID in "unsolicited" FLAGS responses. Do we need to require that including UID only happen after ENABLE IMAP4REV2 (as it is for ENABLE QRESYNC)?
> 
> Might be useful to require UID for any untagged FETCH reply. It can simplify client behavior.

We definitely changed from doing it always because some clients couldn't handle it - but that was 10 years ago, maybe those clients don't exist any more. Sadly I don't remember which clients it was.

Cheers,

Bron.
--
 Bron Gondwana, CEO, Fastmail Pty Ltd
 brong@fastmailteam.com